Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-151.080218: TT-CSIRT Advisory – Linux Security Updates

Kernel.org has released a security update stating that a vulnerability exists in the Kernel-based Virtual Machine (KVM) virtualization subsystem of the Linux Kernel because the vmx.c source code file fails to restore the GDT.LIMIT value to the previous host value. As a result, malicious entries could be placed in the Global Descriptor Table (GDT) on …

TTCSIRT-150.072718: TT-CSIRT Advisory – PHP Security Updates

PHP has released a security update stating that the following vulnerabilities have been found in PHP 7, Ver 7.2.8:
Bug #71848 – Getimagesize with $imageinfo returns false
Bug #73342 – Vulnerability in php-fpm by changing stdin to non-blocking
Bug #74670 – Integer underflow when unserializing GMP and possible other classes
Bug #75231 – ReflectionProperty#getValue() incorrectly …

TTCSIRT-149.072718: TT-CSIRT Advisory – Chrome Security Updates

Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) CORS bypass in Blink – (CVE-2018-6168) b) Cross origin information leak in Blink – (CVE-2018-4117, CVE-2018-6177) c) Heap buffer overflow in WebGL – (CVE-2018-6154, CVE-2018-6162) d) Heap buffer overflow in WebRTC – (CVE-2018-6156) e) Integer overflow in …

TTCSIRT-148.072418: TT-CSIRT Advisory – Bluetooth Security Updates

CERT has released a security update stating that Bluetooth firmware or operating system software drivers may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange. This may allow an unauthenticated, remote attacker to use a man-in-the-middle network position to determine the cryptographic keys used by …

TTCSIRT-147.072418: TT-CSIRT Advisory – Apache Security Updates

Apache has released a security update stating that it has discovered the following vulnerabilities in all versions of Apache Tomcat 9.0 and above: a) Due to a mishandling of close in the NIO/NIO2 connectors, user sessions can get mixed up – CVE-2018-8037. b) A bug in the UTF-8 decoder can lead to Denial of Service (DoS) …

TTCSIRT-146.072018: TT-CSIRT Advisory – Cisco Security Updates

Cisco has released a security update stating that it has found an issue in the Cluster Manager of Cisco Policy Suite which could allow an unauthenticated, remote attacker to log in to an affected system using the root account which has default, static user credentials. The vulnerability is due to the presence of undocumented, static …

TTCSIRT-145.072018: TT-CSIRT Advisory – Photoline Security Updates

Talos has released a security update stating that it has found the following issues in Computerinsel Photoline, an image-processing tool used to modify and edit images as well as other graphic-related material: a) A specially crafted PSD document processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. b) An …

TTCSIRT-144.071618: TT-CSIRT Advisory – Apple Security Updates

Apple has released a security update stating that the following vulnerabilities have been discovered in iTunes, iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, watchOS, tvOS, and iOS: a) A cookie management issue was addressed with improved checks – (CVE-2018-4293). b) A denial of service issue was addressed with improved memory handling …

TTCSIRT-143.071618: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that multiple vulnerabilities have been discovered in the following products: a) Microsoft Windows 7, 8.1, RT 8.1, and 10 b) Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 c) Microsoft Windows Server Core Installation 2008, 2008 R2, 2012, 2012 R2, 2016 d) Microsoft Office 2010, 2013, …

TTCSIRT-142.071218: TT-CSIRT Advisory – DHCP Security Updates

The Internet Systems Consortium (ISC) has released a security update stating that Kea DHCP 1.4.0 may fail to release memory after temporarily storing client network packets. This causes a constant increase in memory consumption that can cause server resources to become exhausted, leading to loss of DHCP server functionality. An attacker who is within the …